Update Terraform aws to v5.66.0 #2289
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Terraform' | |
| on: | |
| workflow_dispatch: | |
| push: | |
| jobs: | |
| terraform: | |
| name: 'Terraform' | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "1.9.2" | |
| - name: Terraform Init | |
| working-directory: terraform | |
| run: terraform init | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| TF_VAR_oracle_compartment_id: ${{ secrets.TF_VAR_ORACLE_COMPARTMENT_ID }} | |
| TF_VAR_oracle_fingerprint: ${{ secrets.TF_VAR_ORACLE_FINGERPRINT }} | |
| TF_VAR_oracle_private_key: ${{ secrets.TF_VAR_ORACLE_PRIVATE_KEY }} | |
| TF_VAR_oracle_tenancy_ocid: ${{ secrets.TF_VAR_ORACLE_TENANCY_OCID }} | |
| TF_VAR_oracle_user_ocid: ${{ secrets.TF_VAR_ORACLE_USER_OCID }} | |
| - name: Terraform Format | |
| working-directory: terraform | |
| run: terraform fmt -check | |
| - name: Terraform Plan | |
| working-directory: terraform | |
| run: terraform plan | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| TF_VAR_ssh_pub_key: ${{ secrets.SSH_PUB_KEY }} | |
| TF_VAR_workstation_ssh_pub_key: ${{ secrets.WORKSTATION_SSH_PUB_KEY }} | |
| TF_VAR_oracle_compartment_id: ${{ secrets.TF_VAR_ORACLE_COMPARTMENT_ID }} | |
| TF_VAR_oracle_fingerprint: ${{ secrets.TF_VAR_ORACLE_FINGERPRINT }} | |
| TF_VAR_oracle_private_key: ${{ secrets.TF_VAR_ORACLE_PRIVATE_KEY }} | |
| TF_VAR_oracle_tenancy_ocid: ${{ secrets.TF_VAR_ORACLE_TENANCY_OCID }} | |
| TF_VAR_oracle_user_ocid: ${{ secrets.TF_VAR_ORACLE_USER_OCID }} | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: terraform | |
| run: terraform apply -auto-approve | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| TF_VAR_ssh_pub_key: ${{ secrets.SSH_PUB_KEY }} | |
| TF_VAR_workstation_ssh_pub_key: ${{ secrets.WORKSTATION_SSH_PUB_KEY }} | |
| TF_VAR_oracle_compartment_id: ${{ secrets.TF_VAR_ORACLE_COMPARTMENT_ID }} | |
| TF_VAR_oracle_fingerprint: ${{ secrets.TF_VAR_ORACLE_FINGERPRINT }} | |
| TF_VAR_oracle_private_key: ${{ secrets.TF_VAR_ORACLE_PRIVATE_KEY }} | |
| TF_VAR_oracle_tenancy_ocid: ${{ secrets.TF_VAR_ORACLE_TENANCY_OCID }} | |
| TF_VAR_oracle_user_ocid: ${{ secrets.TF_VAR_ORACLE_USER_OCID }} | |
| - name: Setup Ansible & install requirements from Ansible Galaxy | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: | | |
| sudo apt update | |
| sudo apt install software-properties-common -y | |
| sudo pip3 install bcrypt | |
| ansible-galaxy install -r requirements.yml | |
| - name: Write private SSH key | |
| if: github.ref == 'refs/heads/master' | |
| run: | | |
| echo "${{ secrets.SSH_PRIV_KEY }}" > ./ansible/key.pem | |
| chmod 0600 ./ansible/key.pem | |
| - name: Run initial Ansible Playbook | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: ansible-playbook init.yml -i hosts.yml -v | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: false | |
| - name: Run B2 Ansible Playbook | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: ansible-playbook b2.yml -i hosts.yml -v | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: false | |
| B2_BUCKET: ${{ secrets.B2_BUCKET }} | |
| B2_KEY: ${{ secrets.B2_KEY }} | |
| B2_SECRET: ${{ secrets.B2_SECRET }} | |
| - name: Run System Ansible Playbook | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: ansible-playbook system.yml -i hosts.yml -v | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: false | |
| INFLUXDB_INFLUXDB_USER_PASSWORD: ${{ secrets.INFLUXDB_INFLUXDB_USER_PASSWORD }} | |
| TRAEFIK_PILOT_TOKEN: ${{ secrets.TRAEFIK_PILOT_TOKEN }} | |
| - name: Run Monitoring Ansible Playbook | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: ansible-playbook monitoring.yml -i hosts.yml -v | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: false | |
| INFLUXDB_INFLUXDB_ADMIN_PASSWORD: ${{ secrets.INFLUXDB_INFLUXDB_ADMIN_PASSWORD }} | |
| INFLUXDB_INFLUXDB_USER_PASSWORD: ${{ secrets.INFLUXDB_INFLUXDB_USER_PASSWORD }} | |
| - name: Run Feedbin Ansible Playbook | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: ansible-playbook feedbin.yml -i hosts.yml -v | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: false | |
| FEEDBIN_AWS_ACCESS_KEY_ID: ${{ secrets.FEEDBIN_AWS_ACCESS_KEY_ID }} | |
| FEEDBIN_AWS_S3_BUCKET: ${{ secrets.FEEDBIN_AWS_S3_BUCKET }} | |
| FEEDBIN_AWS_S3_BUCKET_NEWSLETTERS: ${{ secrets.FEEDBIN_AWS_S3_BUCKET_NEWSLETTERS }} | |
| FEEDBIN_AWS_SECRET_ACCESS_KEY: ${{ secrets.FEEDBIN_AWS_SECRET_ACCESS_KEY }} | |
| FEEDBIN_CAMO_KEY: ${{ secrets.FEEDBIN_CAMO_KEY }} | |
| FEEDBIN_ENTRY_IMAGE_HOST: ${{ secrets.FEEDBIN_ENTRY_IMAGE_HOST }} | |
| FEEDBIN_EXTRACT_SECRET: ${{ secrets.FEEDBIN_EXTRACT_SECRET }} | |
| FEEDBIN_EXTRACT_USER: ${{ secrets.FEEDBIN_EXTRACT_USER }} | |
| FEEDBIN_POSTGRES_PASSWORD: ${{ secrets.FEEDBIN_POSTGRES_PASSWORD }} | |
| FEEDBIN_SECRET_KEY: ${{ secrets.FEEDBIN_SECRET_KEY }} | |
| - name: Run cleanup Ansible Playbook | |
| if: github.ref == 'refs/heads/master' | |
| working-directory: ansible | |
| run: ansible-playbook cleanup.yml -i hosts.yml -v | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: false |